1. The ajax of the post needs to submit the csrf_token field for security filtering
<meta name="csrf-token" content="{{ csrf_token() }}"> /* ajax backfills the form fields, then submits the form */ $.ajax({ headers: { 'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content') }, type: 'POST', url: '/ddoa/***', data: {event:'crm_user',ding_name:ding_name,ding_userid:ding_userid,ding_openId:ding_openId}, dataType: 'json', async : 'false', //sync success: function(data){ logger.i(data); console.log(data); if(data.code==1){ $("input[name='username']").val(data.username); $("input[name='password']").val('123456'); $("#loginForm").submit(); } }, error:function(data){ console.log(data); } });